Dwight Eisenhower is credited with saying “Plans are worthless, but planning is everything.” No cybersecurity plan, however thorough and supported by cutting-edge technology, is perfect. Especially when you factor in the free will of your employees and an ever-changing landscape of threats, there are just too many variables to control. A breach is likely to happen.
Creating a planning process, however, that persists in the forms of ongoing training and practice drills will enable you to manage through an attack, deliver a good outcome, and avoid catastrophe. The third phase of your 3-phased cybersecurity implementation, preparing your organization, may only reflect a fraction of your cybersecurity plan, but it provides the overhead cover that keeps your cybersecurity plan intact when a breach happens despite your best preparation for the worst.
Knowing Can Create a False Sense of Security
Unfortunately, many companies gain a (false) sense of security after identifying what needs to be protected and deploying an array of protection tools – stopping short of completing the journey.
Until your people are crystal clear about how to effectively leverage the tools that have been put in place, monitor threats, and practice recovering from an attack, the chance of a threat turning into a significant loss is high.
As we reviewed last time when covering phase 2 of your cybersecurity planning, Protect Your Assets, the CIS Controls include guidance and resources that, in the hands of an experienced cybersecurity professional, serve as a guidebook of priorities. Let’s dive into what preparing your team entails.
A Look at Data Recovery from Documentation to Testing
Data Recovery (CIS Control #11) means to "Establish and maintain data recovery practices sufficient to restore in-scope enterprise assets to a pre-incident and trusted state."
The “Cybersecurity triad” refers to the importance of Confidentiality, Integrity and Availability of company information. In some cases, its availability is the most critical factor. By establishing (and practicing) systems and processes for restoring reliable versions of applications and data, you neutralize much of an attacker’s power.
In concert with data backup procedures put in place (CIS Control #3), data recovery plans must articulate processes and training to ensure your team can identify and restore applications and data from a known trusted state.
Note that there is significant overlap in the tools and skills you may already have developed to comply with data privacy laws and prepare for a disaster.
Key data recovery capabilities:
- Document and maintain a data recovery process
- Automate backups (weekly or even more frequently)
- Protect the recovery data
- Isolate recovery data
- Test recovery data (if you can’t restore and use it, you might as well not have it!)
Incident Response Management Preparation & Practice
Incident Response Management (CIS Control #17) means to "Establish a program to develop and maintain an incident response capability to prepare, detect, and quickly respond to an attack."
The saying that “time is money” is true for incident response. A business that can identify threats quickly, respond to them before they can spread, and remediate them before they cause harm will incur less downtime and damage.
Meanwhile, a business that does not develop and practice incident response plans might allow an attacker to “dwell” in the enterprise’s infrastructure for a long time, infecting more systems and planting more means of hacking back in once they are discovered and (seemingly) expelled.
Keys to developing nimble, effective incident response capabilities:
- Designate and train personnel to handle incidents
- Establish and maintain a list of contacts for incident reporting
- Establish and maintain a process for incident reporting
- Establish and maintain your process for incident response
- Conduct incident response exercises (think of it this way, you don’t get to say “this is not a drill” during an incident… if you haven’t performed any drills 😊)
Your Cybersecurity Plan Is Only as Good as Its Implementation
Well, that’s a wrap on our overview of the 3-phase approach to a cybersecurity plan: 1) Know your environment, 2) Protect your assets (where we showed you the CIS Controls) and now 3) Prepare your organization. This framework will help guide you in protecting your IT assets and preparing your company to recognize and recover from a threat.
A few reminders to help you bridge the gap between theory and success: 1) only a fraction of the safeguards detailed in the document may be critical for your organization, and 2) an experienced cybersecurity company will help you determine which ones are important and how to tailor them to meet your objectives and budget.
We manage the IT of over 300 companies, including protecting them from cyber threats. If you would like to have a no-obligation conversation with one of our cybersecurity experts, schedule a FREE Cybersecurity Consultation.